Hear why identity is so critical to LogMeIn’s data privacy compliance.
Learn more about how SailPoint keeps you compliant.
Nicole Thomas: Hey, I’m NicoleThomas with SailPoint here at the Gartner Identity Access Management conference. I’m actually here live with one of our customers.
Kayla Williams: Hi I’m Kayla Williams. I’m the director of GRC for LogMeIn.
Nicole Thomas: Thanks Kayla, for being here. Can you tell us a little bit more about what you do at LogMeIn?
Kayla Williams: Absolutely. I am the director of GRC which is governance risk and compliance, so I take the CISOs vision and put it to pen and paper. I have created our security policies and control standards as well as our governance forums with our executive management to discuss all things, security and technical privacy related.
Nicole Thomas: Fantastic. What would you say the biggest issue security pros are facing right now?
Kayla Williams: I would have to say the ambiguity of the expectations that we have, there’s a lot of guidance being put out but no one’s really saying how to do it. So if you look at things like GDPR or CCPA there’s a whole lot of talk about what you need to do, but not how to do it. So every company’s doing something a little bit differently.
Which means that resources are being spread too thin, priorities are constantly shifting just to meet those sort of expectations, especially when you talk about customers. One customer might want one thing, let’s say, all of your data hosted in Europe and the other one might say oh no, I want all my data hosted in Canada and how our company is supposed to be flexible enough to handle that without someone, somewhere saying what they need to do.
Nicole Thomas: Absolutely. Where does identity fit into the overall security landscape?
Kayla Williams: Identity lifecycle management or the entire IAM program really is at the forefront of everything. We talked about technical privacy GDPR, CCPA but if you talk about ISO 27001, HIPAA, HITRUST, etc. it’s all about making sure that your access is at the least privilege. That people are not accessing data that shouldn’t be accessing it. Especially when we talk about how data can be sold on the black market, it becomes a real risk to organizations, if they don’t have a good IAM program in place.
Nicole Thomas: Speaking of IAM program, can you tell us a little bit about what you’re planning to accomplish with SailPoint?
Kayla Williams: Yeah, absolutely. We are going to be trying to run our entire IAM program right through SailPoint. So we are actually just at the beginning phases of our project, which is taking our critical applications and onboarding them into SailPoint. With that we’ve had to create an entire joiners’ movers leavers process, that we could roll out across the entire organization and we’re working very closely with the SailPoint team on access roles management as well as the AI and machine learning components as well.
Nicole Thomas: As you start that, what, what are your accomplishments plan for the coming year, as you head into 2020?
Kayla Williams: Yeah, absolutely. So we are looking to onboard all of our SOX critical applications, first and foremost is to make sure that we’re abiding by the law. And then we’ve actually established a criticality questionnaire, with all of our other applications. So we’re going to be slow rolling those into our program. And with that, it’s going to be a major culture change for the entire organization and we’re planning to send out lots of communications around that, just to make sure everybody’s on board, change management. So it’s a huge thing, but IAM is really the core of our security focus for this year.
Nicole Thomas: Fantastic. Well, thank you so much for joining us. Have a great time at the conference.
Kayla Williams: Thank you very much.
Find out how SailPoint can help your organization.